Posted to jetspeed-dev@portals.apache.org by mo...@apache.org on 2004/01/02 22:20:11 UTC
cvs commit: jakarta-jetspeed/xdocs security.xml
morciuch 2004/01/02 13:20:11
Modified: . project.xml
docs/site security.html
src/java/org/apache/jetspeed/modules/actions/portlets
SecurityUpdateAction.java
src/java/org/apache/jetspeed/modules/localization
JetspeedLocalization_de.properties
JetspeedLocalization_el.properties
JetspeedLocalization_en.properties
JetspeedLocalization_es.properties
JetspeedLocalization_fr.properties
JetspeedLocalization_it.properties
JetspeedLocalization_ja.properties
JetspeedLocalization_my.properties
JetspeedLocalization_nl.properties
JetspeedLocalization_no.properties
JetspeedLocalization_pl.properties
JetspeedLocalization_pt.properties
JetspeedLocalization_tr.properties
src/java/org/apache/jetspeed/om/registry SecurityAllow.java
SecurityEntry.java
src/java/org/apache/jetspeed/om/registry/base
BaseSecurityAllow.java BaseSecurityEntry.java
src/java/org/apache/jetspeed/services/security/registry
RegistryAccessController.java
TestAccessController.java
webapp/WEB-INF/conf registry.xml
webapp/WEB-INF/templates/vm/portlets/html security-form.vm
xdocs security.xml
Log:
Added support for groups in registry security constraints (see Bugzilla bug# 25871)
Revision Changes Path
1.28 +7 -0 jakarta-jetspeed/project.xml
Index: project.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/project.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- project.xml 30 Oct 2003 01:53:17 -0000 1.27
+++ project.xml 2 Jan 2004 21:20:10 -0000 1.28
@@ -221,6 +221,13 @@
</properties>
</dependency>
<dependency>
+ <id>hsqldb</id>
+ <version>1.7.1</version>
+ <properties>
+ <war.bundle.jar>true</war.bundle.jar>
+ </properties>
+ </dependency>
+ <dependency>
<id>oro</id>
<version>2.0.6</version>
<properties>
1.28 +26 -2 jakarta-jetspeed/docs/site/security.html
Index: security.html
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/docs/site/security.html,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- security.html 12 Dec 2003 17:54:17 -0000 1.27
+++ security.html 2 Jan 2004 21:20:10 -0000 1.28
@@ -631,7 +631,7 @@
The default Jetspeed security service stores its security constraints in a Jetspeed registry.
New security constraints are deployed in to Jetspeed as XREG files.
They are standalone, high level registry elements like a portlet-entry.
-Constraints list the valid roles and users for the constraint, and the action for which
+Constraints list the valid roles, groups and users for the constraint, and the action for which
we are allowing (granting) access on the resource.
The tables below defines the valid attributes and elements of a security entry:
</p>
@@ -765,7 +765,7 @@
</td>
<td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
<font color="#000000" size="-1" face="arial,helvetica,sanserif">
- Defines which role will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.
+ Defines which role/group/user will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.
</font>
</td>
</tr>
@@ -806,12 +806,36 @@
<tr>
<td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
<font color="#000000" size="-1" face="arial,helvetica,sanserif">
+ user
+ </font>
+</td>
+ <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
+ <font color="#000000" size="-1" face="arial,helvetica,sanserif">
+ Defines the security username required for this security constraint.
+ </font>
+</td>
+ </tr>
+ <tr>
+ <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
+ <font color="#000000" size="-1" face="arial,helvetica,sanserif">
role
</font>
</td>
<td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
<font color="#000000" size="-1" face="arial,helvetica,sanserif">
Defines the security role required for this security constraint.
+ </font>
+</td>
+ </tr>
+ <tr>
+ <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
+ <font color="#000000" size="-1" face="arial,helvetica,sanserif">
+ group
+ </font>
+</td>
+ <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
+ <font color="#000000" size="-1" face="arial,helvetica,sanserif">
+ Defines the security group required for this security constraint.
</font>
</td>
</tr>
1.5 +13 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/SecurityUpdateAction.java
Index: SecurityUpdateAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/SecurityUpdateAction.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecurityUpdateAction.java 4 Aug 2003 00:00:22 -0000 1.4
+++ SecurityUpdateAction.java 2 Jan 2004 21:20:10 -0000 1.5
@@ -75,9 +75,11 @@
import org.apache.velocity.context.Context;
/**
- * @author Administrator
+ * This action sets up the template context for managing of security entries in the Turbine database.
*
- *
+ * @author <a href="mailto:jford@apache.org">Jeremy Ford</a>
+ * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
+ * @version $Id$
*/
public class SecurityUpdateAction extends RegistryUpdateAction
{
@@ -152,10 +154,12 @@
Iterator permissionIter = JetspeedSecurity.getPermissions();
Iterator userIter = JetspeedSecurity.getUsers();
Iterator roleIter = JetspeedSecurity.getRoles();
+ Iterator groupIter = JetspeedSecurity.getGroups();
context.put("permissions", iteratorToCollection(permissionIter));
context.put("users", iteratorToCollection(userIter));
context.put("roles", iteratorToCollection(roleIter));
+ context.put("groups", iteratorToCollection(groupIter));
context.put("entry", securityEntry);
}
@@ -551,6 +555,13 @@
{
allow = new BaseSecurityAllow();
allow.setRole(allowValue);
+
+ securityAccess.getAllows().add(allow);
+ }
+ else if (allowType.equals("group"))
+ {
+ allow = new BaseSecurityAllow();
+ allow.setGroup(allowValue);
securityAccess.getAllows().add(allow);
}
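Review bot: The new `group` branch stores the submitted value directly with `allow.setGroup(allowValue)`, and nothing visible in this hunk checks that it is non-empty or names a known group. BaseSecurityEntry in this same commit defines `ALL_GROUPS = "*"`, so a value of `*` persisted here would presumably act as a grant to every group. Consider checking `allowValue` against the names returned by `JetspeedSecurity.getGroups()` before adding the allow, and accepting the wildcard only as an explicit choice. The enclosing method starts and ends outside the hunk, so validation may already happen earlier. The form also has no branch that sets both group and role, so the group-role grants added elsewhere in this commit cannot be created from this action.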
1.23 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_de.properties
Index: JetspeedLocalization_de.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_de.properties,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- JetspeedLocalization_de.properties 22 Nov 2003 03:54:58 -0000 1.22
+++ JetspeedLocalization_de.properties 2 Jan 2004 21:20:10 -0000 1.23
@@ -254,6 +254,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.16 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_el.properties
Index: JetspeedLocalization_el.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_el.properties,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- JetspeedLocalization_el.properties 22 Nov 2003 03:54:58 -0000 1.15
+++ JetspeedLocalization_el.properties 2 Jan 2004 21:20:10 -0000 1.16
@@ -272,6 +272,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=\u03a7\u03c1\u03ae\u03c3\u03c4\u03b7\u03c2
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=\u03a1\u03cc\u03bb\u03bf\u03c2
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=\u0399\u03b4\u03b9\u03bf\u03ba\u03c4\u03ae\u03c4\u03b7\u03c2
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=\u0395\u03bd\u03ad\u03c1\u03b3\u03b5\u03b9\u03b1
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=\u03a4\u03cd\u03c0\u03bf\u03c2
1.44 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_en.properties
Index: JetspeedLocalization_en.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_en.properties,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- JetspeedLocalization_en.properties 22 Nov 2003 03:54:58 -0000 1.43
+++ JetspeedLocalization_en.properties 2 Jan 2004 21:20:10 -0000 1.44
@@ -283,6 +283,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
1.22 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_es.properties
Index: JetspeedLocalization_es.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_es.properties,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- JetspeedLocalization_es.properties 22 Nov 2003 03:54:58 -0000 1.21
+++ JetspeedLocalization_es.properties 2 Jan 2004 21:20:10 -0000 1.22
@@ -271,6 +271,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.29 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_fr.properties
Index: JetspeedLocalization_fr.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_fr.properties,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- JetspeedLocalization_fr.properties 22 Nov 2003 03:54:58 -0000 1.28
+++ JetspeedLocalization_fr.properties 2 Jan 2004 21:20:10 -0000 1.29
@@ -282,6 +282,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.24 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_it.properties
Index: JetspeedLocalization_it.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_it.properties,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- JetspeedLocalization_it.properties 22 Nov 2003 03:54:58 -0000 1.23
+++ JetspeedLocalization_it.properties 2 Jan 2004 21:20:11 -0000 1.24
@@ -280,6 +280,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Ruolo
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Proprietario
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Tipo
1.22 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_ja.properties
Index: JetspeedLocalization_ja.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_ja.properties,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- JetspeedLocalization_ja.properties 22 Nov 2003 03:54:58 -0000 1.21
+++ JetspeedLocalization_ja.properties 2 Jan 2004 21:20:11 -0000 1.22
@@ -278,6 +278,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=\u30e6\u30fc\u30b6\u30fc
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=\u30ed\u30fc\u30eb
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=\u30aa\u30fc\u30ca\u30fc
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=\u30a2\u30af\u30b7\u30e7\u30f3
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=\u30bf\u30a4\u30d7
1.16 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_my.properties
Index: JetspeedLocalization_my.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_my.properties,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- JetspeedLocalization_my.properties 22 Nov 2003 03:54:58 -0000 1.15
+++ JetspeedLocalization_my.properties 2 Jan 2004 21:20:11 -0000 1.16
@@ -217,6 +217,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.19 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_nl.properties
Index: JetspeedLocalization_nl.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_nl.properties,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- JetspeedLocalization_nl.properties 22 Nov 2003 03:54:58 -0000 1.18
+++ JetspeedLocalization_nl.properties 2 Jan 2004 21:20:11 -0000 1.19
@@ -280,6 +280,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.23 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_no.properties
Index: JetspeedLocalization_no.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_no.properties,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- JetspeedLocalization_no.properties 22 Nov 2003 03:54:58 -0000 1.22
+++ JetspeedLocalization_no.properties 2 Jan 2004 21:20:11 -0000 1.23
@@ -290,6 +290,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=Bruker
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Rolle
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Eier
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Aksjon
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.15 +2 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pl.properties
Index: JetspeedLocalization_pl.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pl.properties,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- JetspeedLocalization_pl.properties 22 Nov 2003 03:54:58 -0000 1.14
+++ JetspeedLocalization_pl.properties 2 Jan 2004 21:20:11 -0000 1.15
@@ -309,6 +309,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.2 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pt.properties
Index: JetspeedLocalization_pt.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pt.properties,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JetspeedLocalization_pt.properties 26 Nov 2003 17:18:05 -0000 1.1
+++ JetspeedLocalization_pt.properties 2 Jan 2004 21:20:11 -0000 1.2
@@ -272,6 +272,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
1.14 +1 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_tr.properties
Index: JetspeedLocalization_tr.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_tr.properties,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- JetspeedLocalization_tr.properties 22 Nov 2003 03:54:58 -0000 1.13
+++ JetspeedLocalization_tr.properties 2 Jan 2004 21:20:11 -0000 1.14
@@ -286,6 +286,7 @@
REGISTRY_EDITOR_SECURITY_ACCESS_USER=Kullan\u0131c\u0131
REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Rol
REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Sahip
+REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Aksiyon
REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Tip
1.4 +13 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityAllow.java
Index: SecurityAllow.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityAllow.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecurityAllow.java 25 Aug 2002 19:09:41 -0000 1.3
+++ SecurityAllow.java 2 Jan 2004 21:20:11 -0000 1.4
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -59,6 +59,7 @@
*
*
* @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
+ * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
* @version $Id$
*/
public interface SecurityAllow {
@@ -72,6 +73,16 @@
* @param role New value of property role.
*/
public void setRole(String role);
+
+ /** Getter for property group.
+ * @return Value of property group.
+ */
+ public String getGroup();
+
+ /** Setter for property group.
+ * @param role New value of property group.
+ */
+ public void setGroup(String group);
/** Getter for property user.
* @return Value of property user.
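Review bot: The javadoc on the new `setGroup(String group)` documents a parameter named `role`, which the method does not have; it should read `@param group New value of property group.`. The same copy-paste slip is in the `setGroup` javadoc added to BaseSecurityAllow.java in this commit. On an access-control interface it is also worth one sentence saying how an allow that carries both a group and a role is interpreted, since callers cannot tell from the getters alone.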
1.5 +86 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityEntry.java
Index: SecurityEntry.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityEntry.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecurityEntry.java 15 Apr 2003 20:44:55 -0000 1.4
+++ SecurityEntry.java 2 Jan 2004 21:20:11 -0000 1.5
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -67,6 +67,7 @@
*
* @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
* @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
+ * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
* @version $Id$
*/
@@ -155,6 +156,25 @@
* @return <CODE>true</CODE> if action is allowed for role
*/
public boolean allowsRole(String role, String action);
+
+ /**
+ * Authorizes action for a group
+ *
+ * @param group requesting action
+ * @param action being requested
+ * @return <CODE>true</CODE> if action is allowed for role
+ */
+ public boolean allowsGroup(String group, String action);
+
+ /**
+ * Authorizes action for a group role
+ *
+ * @param group requesting action
+ * @param role requesting action
+ * @param action being requested
+ * @return <CODE>true</CODE> if action is allowed for role
+ */
+ public boolean allowsGroupRole(String group, String role, String action);
/**
* Aututhorizes action for a named user
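Review bot: Both new declarations, `allowsGroup` and `allowsGroupRole`, document their result as `true` "if action is allowed for role", copied from `allowsRole`; the tags should read `@return <CODE>true</CODE> if action is allowed for group` and `... for group role`. The next hunk in this file has the same kind of slip: `@param String role name of group to verify access for` should describe the role. That hunk's `@param String action` style also names the type where javadoc expects the parameter name. Because these methods are the authorization contract, the javadoc should also state whether the `*` wildcard is honoured, as the implementation does via ALL_GROUPS and ALL_GROUP_ROLES.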
@@ -196,6 +216,50 @@
*/
boolean allowsSpecificRole(String action, String role);
+ /**
+ * Grants access for a specific action to a specific group
+ * for this SecurityEntry. This grants specific access ignores
+ * "*" action, if it exists.
+ * @param String action The action we are granting access to.
+ * @param String group The group that will receive access to this action.
+ * @return boolean Whether or not the access was granted. Basically,
+ * a <code>false</code> means that this group already has specific access.
+ */
+ boolean grantGroupAccess(String action, String group);
+
+ /**
+ * Checks whether a group is specifically allowed to access the request action
+ * This method ignores the "*" action and is here to play a maintenance role.
+ * @param String action name of action to check
+ * @param String group name of group to verify access for
+ * @return boolean whether or not the <code>group</code> has access
+ * to this specific action.
+ */
+ boolean allowsSpecificGroup(String action, String group);
+
+ /**
+ * Grants access for a specific action to a specific group role
+ * for this SecurityEntry. This grants specific access ignores
+ * "*" action, if it exists.
+ * @param String action The action we are granting access to.
+ * @param String group The group that will receive access to this action.
+ * @param String role The role that will receive access to this action.
+ * @return boolean Whether or not the access was granted. Basically,
+ * a <code>false</code> means that this group role already has specific access.
+ */
+ boolean grantGroupRoleAccess(String action, String group, String role);
+
+ /**
+ * Checks whether a group role is specifically allowed to access the request action
+ * This method ignores the "*" action and is here to play a maintenance role.
+ * @param String action name of action to check
+ * @param String group name of group to verify access for
+ * @param String role name of group to verify access for
+ * @return boolean whether or not the <code>group role</code> has access
+ * to this specific action.
+ */
+ boolean allowsSpecificGroupRole(String action, String group, String role);
+
/**
* Returns the SecurityAccess object for the <code>action</code>
* requested or null if no specific access is defined for this action.
@@ -254,4 +318,24 @@
* was removed.
*/
boolean revokeRoleAccess(String action, String role);
+
+ /**
+ * Removes a group's access to a specific action.
+ * @param action Action to remove access from.
+ * @param group The group whose access we are revoking.
+ * @return boolean Whether or not the access existed and
+ * was removed.
+ */
+ boolean revokeGroupAccess(String action, String group);
+
+ /**
+ * Removes a group role's access to a specific action.
+ * @param action Action to remove access from.
+ * @param group The group whose access we are revoking.
+ * @param role The role whose access we are revoking.
+ * @return boolean Whether or not the access existed and
+ * was removed.
+ */
+ boolean revokeGroupRoleAccess(String action, String group, String role);
+
}
1.4 +20 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityAllow.java
Index: BaseSecurityAllow.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityAllow.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- BaseSecurityAllow.java 25 Aug 2002 19:09:42 -0000 1.3
+++ BaseSecurityAllow.java 2 Jan 2004 21:20:11 -0000 1.4
@@ -68,6 +68,9 @@
{
/** Holds value of property role. */
private String role;
+
+ /** Holds value of property group. */
+ private String group;
/** Holds value of property user. */
private String user;
@@ -105,6 +108,22 @@
{
this.role = role;
}
+
+ /** Getter for property group.
+ * @return Value of property group.
+ */
+ public String getGroup()
+ {
+ return group;
+ }
+
+ /** Setter for property group.
+ * @param role New value of property group.
+ */
+ public void setGroup(String group)
+ {
+ this.group = group;
+ }
/** Getter for property user.
* @return Value of property user.
1.12 +316 -10 jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java
Index: BaseSecurityEntry.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- BaseSecurityEntry.java 5 Aug 2003 23:20:26 -0000 1.11
+++ BaseSecurityEntry.java 2 Jan 2004 21:20:11 -0000 1.12
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -71,6 +71,7 @@
*
* @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
* @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
+ * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
* @version $Id$
*/
public class BaseSecurityEntry extends BaseRegistryEntry implements SecurityEntry, java.io.Serializable
@@ -85,12 +86,20 @@
public static final String ALL_ROLES = "*";
+ public static final String ALL_GROUPS = "*";
+
+ public static final String ALL_GROUP_ROLES = "*";
+
public static final String ALL_USERS = "*";
private static final String OWNER_MAP = "owner";
private static final String ROLE_MAP = "role";
+ private static final String GROUP_MAP = "group";
+
+ private static final String GROUP_ROLE_MAP = "grouprole";
+
private static final String USER_MAP = "user";
private static transient Object accessMapSync = new Object();
@@ -197,6 +206,85 @@
return allow;
}
+ /**
+ * Aututhorizes action for a group.
+ *
+ * o If the requested action and the action ALL_ACTIONS
+ * do not exist, then return false.
+ *
+ * o If the requesting role and ALL_GROUP does not exist for the
+ * the action, then return false.
+ *
+ * @param group requesting action
+ * @param action being requested
+ * @return <CODE>true</CODE> if action is allowed for group
+ */
+ public boolean allowsGroup(String group, String action)
+ {
+ Map allowMap = null;
+ boolean allow = false;
+
+ if (accessMap == null)
+ {
+ buildAccessMap();
+ }
+
+ // Checked action
+ allowMap = (Map) accessMap.get(action);
+ allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
+ if (allow == true)
+ {
+ return allow;
+ }
+
+ // Checked all actions
+ allowMap = (Map) accessMap.get(ALL_ACTIONS);
+ allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
+
+ // Not allowed
+ return allow;
+ }
+
+ /**
+ * Authorizes action for a group role.
+ *
+ * o If the requested action and the action ALL_ACTIONS
+ * do not exist, then return false.
+ *
+ * o If the requesting group role and ALL_GROUPS_ROLES does not exist for the
+ * the action, then return false.
+ *
+ * @param group requesting action
+ * @param role requesting action
+ * @param action being requested
+ * @return <CODE>true</CODE> if action is allowed for group role
+ */
+ public boolean allowsGroupRole(String group, String role, String action)
+ {
+ Map allowMap = null;
+ boolean allow = false;
+
+ if (accessMap == null)
+ {
+ buildAccessMap();
+ }
+
+ // Checked action
+ allowMap = (Map) accessMap.get(action);
+ allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
+ if (allow == true)
+ {
+ return allow;
+ }
+
+ // Checked all actions
+ allowMap = (Map) accessMap.get(ALL_ACTIONS);
+ allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
+
+ // Not allowed
+ return allow;
+ }
+
/**
* Aututhorizes action for a named user
*
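Review bot: The lookup key `group+role` in `allowsGroupRole` is ambiguous. Group `ab` with role `c` and group `a` with role `bc` both produce `abc`, so a grant to one pair would also authorize the other. Build the key through one helper with a separator that cannot occur in a group or role name, for example `private static String groupRoleKey(String g, String r) { return g + '\u0000' + r; }`. The same helper must be used where the GROUP_ROLE_MAP entries are inserted, and that code is outside this hunk. A null group or role also concatenates to the literal text `null`, so reject nulls before the lookup.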
@@ -289,6 +377,53 @@
}
return false;
}
+
+ /**
+ * Checks whether a group is specifically allowed to access the request action
+ * This method ignores the "*" action and is here to play a maintenance role.
+ */
+ public boolean allowsSpecificGroup(String action, String group)
+ {
+ SecurityAccess access = (SecurityAccess) getAccess(action);
+ if (access.getAllAllows() != null)
+ {
+ Iterator allAllows = access.getAllows().iterator();
+ while (allAllows.hasNext())
+ {
+ SecurityAllow allow = (SecurityAllow) allAllows.next();
+ if (allow.getGroup() != null && allow.getGroup().equals(group))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Checks whether a group role is specifically allowed to access the request action
+ * This method ignores the "*" action and is here to play a maintenance role.
+ */
+ public boolean allowsSpecificGroupRole(String action, String group, String role)
+ {
+ SecurityAccess access = (SecurityAccess) getAccess(action);
+ if (access.getAllAllows() != null)
+ {
+ Iterator allAllows = access.getAllows().iterator();
+ while (allAllows.hasNext())
+ {
+ SecurityAllow allow = (SecurityAllow) allAllows.next();
+ if (allow.getGroup() != null &&
+ allow.getGroup().equals(group) &&
+ allow.getRole() != null &&
+ allow.getRole().equals(role))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
/**
* Checks whether a role is specifically allowed to access the request action
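Review bot: `allowsSpecificGroup` and `allowsSpecificGroupRole` call `access.getAllAllows()` on the result of `getAccess(action)` without a null check. The SecurityEntry javadoc in this commit says getAccess returns null when no specific access is defined for the action, so add `if (access == null) return false;` first. The guard tests `getAllAllows()` but the loop iterates `getAllows()`; if those lists can differ, the check and the iteration should use the same one. `allowsSpecificGroup` also matches any allow whose group equals the argument, including one that carries a role, so a group-role grant is reported as a plain group grant. Adding `allow.getRole() == null` to the condition would keep the two kinds apart.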
@@ -375,6 +510,72 @@
return false;
}
+
+ /**
+ * Grants access for a specific action to a specific group
+ * for this SecurityEntry. This grants specific access ignores
+ * "*" action, if it exists.
+ * @param String action The action we are granting access to.
+ * @param String group The group that will receive access to this action.
+ * @return boolean Whether or not the access was granted. Basically,
+ * a <code>false</code> means that this group already has specific access.
+ */
+ public boolean grantGroupAccess(String action, String group)
+ {
+ if (!allowsSpecificGroup(action, role))
+ {
+ SecurityAccess access = getAccess(action);
+ List allows = access.getAllows();
+ if (allows == null)
+ {
+ allows = new Vector();
+ }
+
+ BaseSecurityAllow allow = new BaseSecurityAllow();
+ allow.setGroup(group);
+ allows.add(allow);
+
+ buildAccessMap();
+
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Grants access for a specific action to a specific group fole
+ * for this SecurityEntry. This grants specific access ignores
+ * "*" action, if it exists.
+ * @param String action The action we are granting access to.
+ * @param String group The group that will receive access to this action.
+ * @param String role The role that will receive access to this action.
+ * @return boolean Whether or not the access was granted. Basically,
+ * a <code>false</code> means that this group role already has specific access.
+ */
+ public boolean grantGroupRoleAccess(String action, String group, String role)
+ {
+ if (!allowsSpecificGroupRole(action, group, role))
+ {
+ SecurityAccess access = getAccess(action);
+ List allows = access.getAllows();
+ if (allows == null)
+ {
+ allows = new Vector();
+ }
+
+ BaseSecurityAllow allow = new BaseSecurityAllow();
+ allow.setGroup(group);
+ allow.setRole(role);
+ allows.add(allow);
+
+ buildAccessMap();
+
+ return true;
+ }
+
+ return false;
+ }
/**
* Grants access for a specific action to a specific user
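Review bot: `grantGroupAccess` passes `role` to its duplicate check, `allowsSpecificGroup(action, role)`, but `role` is not one of its parameters. Whatever that name resolves to in the class, it is not the group being granted, so the line should read `if (!allowsSpecificGroup(action, group))`. As written, the method can add duplicate allows for the same group or refuse a legitimate grant. In both grant methods, when `access.getAllows()` returns null the replacement `new Vector()` is never attached to `access`, so the allow goes into a list nothing references while the method still returns true. The javadoc typo "group fole" can be fixed in the same pass.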
@@ -446,6 +647,83 @@
return false;
}
+ /**
+ * Removes a group's access to a specific action.
+ * @param action Action to remove access from.
+ * @param group The group whose access we are revoking.
+ * @return boolean Whehter or not the access existed and
+ * was removed.
+ */
+ public boolean revokeGroupAccess(String action, String group)
+ {
+ if (allowsSpecificGroup(action, group))
+ {
+ SecurityAccess access = getAccess(action);
+ List allows = access.getAllows();
+ if (allows == null || allows.isEmpty())
+ {
+ revokeAccess(action);
+ return false;
+ }
+
+ for (int i = 0; i < allows.size(); i++)
+ {
+ BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
+ if (allow.getGroup() != null && allow.getGroup().equals(group))
+ {
+ allows.remove(i);
+ if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
+ {
+ revokeAccess(action);
+ }
+
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Removes a group role's access to a specific action.
+ * @param action Action to remove access from.
+ * @param group The group whose access we are revoking.
+ * @param role The role whose access we are revoking.
+ * @return boolean Whether or not the access existed and
+ * was removed.
+ */
+ public boolean revokeGroupRoleAccess(String action, String group, String role)
+ {
+ if (allowsSpecificGroupRole(action, group, role))
+ {
+ SecurityAccess access = getAccess(action);
+ List allows = access.getAllows();
+ if (allows == null || allows.isEmpty())
+ {
+ revokeAccess(action);
+ return false;
+ }
+
+ for (int i = 0; i < allows.size(); i++)
+ {
+ BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
+ if (allow.getGroup() != null &&
+ allow.getGroup().equals(group) &&
+ allow.getRole() != null &&
+ allow.getRole().equals(role))
+ {
+ allows.remove(i);
+ if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
+ {
+ revokeAccess(action);
+ }
+
+ return true;
+ }
+ }
+ }
+ return false;
+ }
/**
* Removes a user's access to a specific action.
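Review bot: `revokeGroupAccess` removes the first allow whose group matches, even when that allow also carries a role, so it can delete a group-role grant and leave the plain group grant in place while returning `true`. Restricting the match to group-only entries keeps the two revoke methods distinct: `if (allow.getGroup() != null && allow.getGroup().equals(group) && allow.getRole() == null)`. Both new methods also call `revokeAccess(action)` when the allow list is null or empty without the `access.getOwnerAllows().isEmpty()` check used further down, and then return `false`; it is worth confirming that dropping the access on a "nothing removed" path is intended. The `@return` text of `revokeGroupAccess` has a typo, `Whehter`.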
@@ -557,8 +835,11 @@
{
SecurityAllow allowElement = null;
String role = null;
+ String group = null;
Map ownerMap = null; // Map of owner allowed
Map roleMap = null; // Map of roles allowed
+ Map groupMap = null; // Map of groups allowed
+ Map groupRoleMap = null; // Map of group role allowed
Map userMap = null; // Map of users allowed
String userName = null;
@@ -573,7 +854,7 @@
allowElement = (SecurityAllow) allowIterator.next();
role = null;
userName = null;
-
+ group = null;
// Add Owner
if (allowElement.isOwner() == true)
@@ -600,6 +881,31 @@
roleMap.put(role, null);
}
+ // Add Group
+ group = allowElement.getGroup();
+ if (group != null)
+ {
+ groupMap = (Map) accessMap.get(GROUP_MAP);
+ if (groupMap == null)
+ {
+ groupMap = new HashMap();
+ accessMap.put(GROUP_MAP, groupMap);
+ }
+ groupMap.put(group, null);
+ }
+
+ // Add Group Role
+ if (group != null && role != null)
+ {
+ groupRoleMap = (Map) accessMap.get(GROUP_ROLE_MAP);
+ if (groupRoleMap == null)
+ {
+ groupRoleMap = new HashMap();
+ accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
+ }
+ groupRoleMap.put(group+role, null);
+ }
+
// Add User
userName = allowElement.getUser();
if (userName != null)
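Review bot: An allow element that sets both group and role ends up in three places here: its role in the role map (the `roleMap.put(role, null)` context line), its group in `GROUP_MAP`, and the pair in `GROUP_ROLE_MAP`. If the role and group lookups consult those maps independently (the lookup methods are outside this hunk), an entry meant as "role R within group G" would admit every member of G and every holder of R; consider adding to `GROUP_MAP` only when `role == null`. The pair key `group+role` is also ambiguous, because different group/role pairs can concatenate to the same string; joining with a separator that cannot occur in either name avoids that. The new loop in RegistryAccessController only calls `allowsGroup`, so the pair map is not consulted on that path. The enclosing method starts and ends outside this hunk.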
@@ -619,9 +925,9 @@
* Search allow map of user/role or "all user/role"
*
* @param allowMap Map of allow-if
- * @param mapType ROLE_MAP or USER_MAP
+ * @param mapType ROLE_MAP or USER_MAP or GROUP_MAP or GROUP_ROLE_MAP
* @param mapKey role or user to test
- * @param allKey ALL_ROLE or ALL_USER
+ * @param allKey ALL_ROLE or ALL_USER or ALL_GROUP or ALL_GROUP_ROLE
* @return <CODE>true</CODE> or <CODE>false</CODE>
*/
private boolean isInAllowMap(Map allowMap, String mapType, String mapKey, String allKey)
@@ -629,15 +935,15 @@
boolean allow = false;
if (allowMap != null)
{
- Map allowRoleMap = (Map) allowMap.get(mapType);
- if (allowRoleMap == null)
+ Map allowTypeMap = (Map) allowMap.get(mapType);
+ if (allowTypeMap == null)
{
- return allowMap.isEmpty(); // If acction exist and no allows, then grant permission
+ return allowMap.isEmpty(); // If action exist and no allows, then grant permission
}
- allow = allowRoleMap.containsKey(mapKey);
+ allow = allowTypeMap.containsKey(mapKey);
if (allow == false)
{
- allow = allowRoleMap.containsKey(allKey);
+ allow = allowTypeMap.containsKey(allKey);
}
return allow;
}
1.8 +14 -6 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java
Index: RegistryAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- RegistryAccessController.java 23 Jul 2003 19:50:24 -0000 1.7
+++ RegistryAccessController.java 2 Jan 2004 21:20:11 -0000 1.8
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -56,13 +56,14 @@
// Java imports
import java.util.Iterator;
+
import javax.servlet.ServletConfig;
-// Jetspeed import
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.SecurityEntry;
+import org.apache.jetspeed.om.security.Group;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.portal.Portlet;
@@ -71,13 +72,12 @@
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
+import org.apache.jetspeed.services.security.JetspeedGroupManagement;
import org.apache.jetspeed.services.security.JetspeedRoleManagement;
import org.apache.jetspeed.services.security.PortalAccessController;
import org.apache.jetspeed.services.security.PortalResource;
-
-// Turbine imports
-import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.InitializationException;
+import org.apache.turbine.services.TurbineBaseService;
/**
* TurbineAccessController
@@ -267,6 +267,14 @@
if (securityEntry.allowsRole((String) role.getName(), action))
return true;
}
+
+ for( Iterator groups = JetspeedGroupManagement.getGroups(user.getUserName()); groups.hasNext();)
+ {
+ Group group = (Group) groups.next();
+ if (securityEntry.allowsGroup((String) group.getName(), action))
+ return true;
+ }
+
}
catch (Exception e)
{
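Review bot: The group lookup is added inside the existing `try`, so an exception from `JetspeedGroupManagement.getGroups(...)` is handled by the `catch (Exception e)` whose body lies outside this hunk; confirm that path denies access and logs the failure, otherwise a group backend error is indistinguishable from a normal decision. A comment above the loop would make the intent explicit, e.g. `// group membership grants access via allowsGroup; lookup failures fall to the catch and must deny`. The new `if` is unbraced, mirroring the role loop above it, which makes a later second statement easy to add outside the condition.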
1.6 +97 -25 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/TestAccessController.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- TestAccessController.java 8 Aug 2003 18:28:03 -0000 1.5
+++ TestAccessController.java 2 Jan 2004 21:20:11 -0000 1.6
@@ -55,35 +55,34 @@
package org.apache.jetspeed.services.security.registry;
// Java imports
+import java.util.Iterator;
import java.util.Vector;
-// Jetspeed imports
-import org.apache.jetspeed.test.JetspeedTestCase;
-import org.apache.jetspeed.om.profile.Entry;
-import org.apache.jetspeed.om.profile.psml.PsmlEntry;
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
import org.apache.jetspeed.om.BaseSecurityReference;
import org.apache.jetspeed.om.SecurityReference;
-import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.om.profile.Entry;
+import org.apache.jetspeed.om.profile.psml.PsmlEntry;
+import org.apache.jetspeed.om.registry.RegistryEntry;
+import org.apache.jetspeed.om.registry.SecurityAccess;
+import org.apache.jetspeed.om.registry.SecurityAllow;
+import org.apache.jetspeed.om.registry.SecurityEntry;
import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
-import org.apache.jetspeed.om.registry.RegistryEntry;
-import org.apache.jetspeed.om.registry.SecurityEntry;
-
-import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.JetspeedPortalAccessController;
+import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.resources.JetspeedResources;
+import org.apache.jetspeed.services.security.JetspeedGroupManagement;
import org.apache.jetspeed.services.security.JetspeedRoleManagement;
-
-// Turbine imports
-import org.apache.turbine.util.TurbineConfig;
+import org.apache.jetspeed.test.JetspeedTestCase;
import org.apache.turbine.util.StringUtils;
-
-// Junit imports
-import junit.awtui.TestRunner;
-import junit.framework.Test;
-import junit.framework.TestSuite;
+import org.apache.turbine.util.TurbineConfig;
/**
* TestAccessController
@@ -148,11 +147,11 @@
"org.apache.jetspeed.services.security.registry.RegistryAccessController",
JetspeedResources.getString("services.PortalAccessController.classname"));
- Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", "admin", "*"));
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", null, "admin", null, "*"));
assertNotNull( "Getting admin_only security " , Registry.getEntry( Registry.SECURITY, "admin_only"));
- Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", "user", "*"));
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", null, "user", null, "*"));
assertNotNull( "Getting user_only security " , Registry.getEntry( Registry.SECURITY, "user_only"));
- Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, "*"));
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, null, null, "*"));
assertNotNull( "Getting wide_open security " , Registry.getEntry( Registry.SECURITY, "wide_open"));
/*
@@ -167,7 +166,7 @@
* </access>
* </security-entry>
*/
- Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", "user", "*"));
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", null, "user", null, "*"));
assertNotNull( "Getting all_users-view_anon security " , Registry.getEntry( Registry.SECURITY, "all_users-view_anon"));
SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "all_users-view_anon");
Vector accessVector = secEntry.getAccesses();
@@ -248,7 +247,78 @@
assertEquals( "Anonymous user has maximize access to " + USERANON_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "maximize"));
}
-/*
+ public void testGroups() throws Exception
+ {
+ /*
+ * Create a security entry that looks look like the following
+ *
+ * <security-entry name="powerusers_all-anon_view">
+ * <access action="*">
+ * <allow-if group="powerusers"/>
+ * <allow-if role="admin"/>
+ * </access>
+ * <access action="view">
+ * <allow-if role="anon"/>
+ * </access>
+ * </security-entry>
+ */
+
+ assertEquals( "Using RegistryAccessController",
+ "org.apache.jetspeed.services.security.registry.RegistryAccessController",
+ JetspeedResources.getString("services.PortalAccessController.classname"));
+
+ SecurityEntry paav = createSecurityEntry( "powerusers_all-anon_view", "powerusers", null, null, "*");
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) paav);
+ assertNotNull( "Getting powerusers_all-anon_view" , Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view"));
+
+ SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view");
+ Vector accessVector = secEntry.getAccesses();
+
+ for (Iterator it = accessVector.iterator(); it.hasNext();)
+ {
+ SecurityAccess access = (SecurityAccess) it.next();
+ System.out.println("Action:" + access.getAction().toString());
+
+ Vector allAllows = access.getAllAllows();
+ for (Iterator it1 = allAllows.iterator(); it1.hasNext();)
+ {
+ SecurityAllow allow = (SecurityAllow) it1.next();
+ System.out.println("Allow group: " + allow.getGroup() + ", role: " + allow.getRole() + ", user: " + allow.getUser());
+ }
+ }
+
+ SecurityReference secRef = new BaseSecurityReference();
+ secRef.setParent("powerusers_all-anon_view");
+ Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.admin", secRef);
+
+ JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
+ assertNotNull( "Getting turbine user", turbineUser);
+ turbineUser.setHasLoggedIn(Boolean.TRUE);
+
+ try
+ {
+ JetspeedGroupManagement.unjoinGroup("turbine", "powerusers");
+ }
+ catch (Exception e)
+ {
+ }
+
+ assertEquals( "Turbine user has no view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
+
+ //Group pug = new BaseJetspeedGroup("powerusers");
+ //JetspeedGroupManagement.addGroup(pug);
+ try
+ {
+ JetspeedGroupManagement.joinGroup("turbine", "powerusers");
+ }
+ catch (Exception e)
+ {
+ }
+
+ assertEquals( "Turbine user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
+ }
+
+ /*
* Setup Turbine environment
*/
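Review bot: The empty `catch (Exception e)` blocks around `unjoinGroup` and `joinGroup` hide setup failures: if `joinGroup` throws, the final assertion fails with a message about view access rather than the real cause, and if `unjoinGroup` fails for a reason other than the user not being a member, the first assertion may run against stale state. Since `testGroups` already declares `throws Exception`, call `JetspeedGroupManagement.joinGroup("turbine", "powerusers");` without the try/catch, and put a comment in the remaining catch naming the failure being tolerated. The block comment describes an `allow-if role="admin"` and a `view` access for `anon`, but the entry built here only has group `powerusers` on `*`, and the test leaves `turbine` in `powerusers` for later tests. A negative case for a user in a different group and a case for a group+role allow would cover the new maps.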
@@ -286,13 +356,15 @@
return entry;
}
- private SecurityEntry createSecurityEntry( String name, String role, String action)
+ private SecurityEntry createSecurityEntry( String name, String group, String role, String user, String action)
{
Vector allowVector = null;
- if (role != null)
+ if (role != null || group != null || user != null)
{
BaseSecurityAllow allowElement = new BaseSecurityAllow();
allowElement.setRole(role);
+ allowElement.setGroup(group);
+ allowElement.setUser(user);
allowVector = new Vector();
allowVector.addElement(allowElement);
}
1.15 +4 -0 jakarta-jetspeed/webapp/WEB-INF/conf/registry.xml
Index: registry.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/registry.xml,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- registry.xml 25 Aug 2003 06:18:41 -0000 1.14
+++ registry.xml 2 Jan 2004 21:20:11 -0000 1.15
@@ -471,6 +471,10 @@
<field name="role" type="java.lang.String">
<bind-xml name="role" node="attribute"/>
</field>
+
+ <field name="group" type="java.lang.String">
+ <bind-xml name="group" node="attribute"/>
+ </field>
<field name="user" type="java.lang.String">
<bind-xml name="user" node="attribute"/>
1.4 +18 -3 jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/security-form.vm
Index: security-form.vm
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/security-form.vm,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- security-form.vm 27 Aug 2003 00:56:46 -0000 1.3
+++ security-form.vm 2 Jan 2004 21:20:11 -0000 1.4
@@ -153,8 +153,8 @@
#if($allow)
<table>
<tr>
- <td>#if($allow.user)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER #elseif($allow.role)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE #else $l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER #end</td>
- <td>#if($allow.user)$allow.user #elseif($allow.role)$allow.role #else #end</td>
+ <td>#if($allow.user)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER #elseif($allow.role)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE #elseif($allow.group)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_GROUP #else $l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER #end</td>
+ <td>#if($allow.user)$allow.user #elseif($allow.role)$allow.role #elseif($allow.group)$allow.group #else #end</td>
<tr>
</table>
#else
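Review bot: For an allow that sets both role and group, this `#if/#elseif` chain prints only the role label and value, so the security editor presents a group-role constraint as a plain role constraint. Render the group together with the role when both are present, for example with a leading branch `#if($allow.group && $allow.role)` that prints both values. The values are written into the HTML without escaping, as the existing user and role branches already do; whether names are restricted when they are created is not visible in this diff.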
@@ -176,12 +176,13 @@
var userSelect = new Array;
var roleSelect = new Array;
+ var groupSelect = new Array;
var populated = false;
function populate()
{
#foreach($user in $users)
- #set($myCount = $velocityCount - 1)
+ #set($myCount = $velocityCount - 1)
var userOption$myCount = new Option;
userOption${myCount}.value = "$user.userName";
userOption${myCount}.text = "$user.userName";
@@ -197,6 +198,15 @@
roleSelect[$myCount] = roleOption$myCount;
#end
+
+ #foreach($group in $groups)
+ #set($myCount = $velocityCount - 1)
+ var groupOption$myCount = new Option;
+ groupOption${myCount}.value = "$group.name";
+ groupOption${myCount}.text = "$group.name";
+
+ groupSelect[$myCount] = groupOption$myCount;
+ #end
populated = true;
}
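Review bot: `$group.name` is interpolated directly into a JavaScript string literal (`groupOption${myCount}.value = "$group.name";`), so a group name containing a quote, a backslash or a closing script tag would break out of the literal on this admin page. The user and role loops above share the pattern, and whether group names are constrained at creation time is not visible here. Escape the value for a JavaScript-string context before emitting it, or build the options from escaped HTML rather than generated script; at minimum add `## names are emitted into JS string literals and must be JS-escaped` above the loop.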
@@ -221,6 +231,10 @@
{
newOpts = roleSelect;
}
+ else if(val == "group")
+ {
+ newOpts = groupSelect;
+ }
var select = document.NewSecurity.allow_value;
@@ -258,6 +272,7 @@
<option value="owner">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER</option>
<option value="user">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER</option>
<option value="role">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE</option>
+ <option value="group">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_GROUP</option>
</select>
</td>
</tr>
1.11 +10 -2 jakarta-jetspeed/xdocs/security.xml
Index: security.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/xdocs/security.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- security.xml 12 Dec 2003 17:54:17 -0000 1.10
+++ security.xml 2 Jan 2004 21:20:11 -0000 1.11
@@ -222,7 +222,7 @@
The default Jetspeed security service stores its security constraints in a Jetspeed registry.
New security constraints are deployed in to Jetspeed as XREG files.
They are standalone, high level registry elements like a portlet-entry.
-Constraints list the valid roles and users for the constraint, and the action for which
+Constraints list the valid roles, groups and users for the constraint, and the action for which
we are allowing (granting) access on the resource.
The tables below defines the valid attributes and elements of a security entry:
</p>
@@ -278,7 +278,7 @@
</tr>
<tr>
<td>allow-if</td>
- <td>Defines which role will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.</td>
+ <td>Defines which role/group/user will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.</td>
</tr>
<tr>
<td>allow-if-owner</td>
@@ -295,8 +295,16 @@
<th>Description</th>
</tr>
<tr>
+ <td>user</td>
+ <td>Defines the security username required for this security constraint.</td>
+</tr>
+<tr>
<td>role</td>
<td>Defines the security role required for this security constraint.</td>
+</tr>
+<tr>
+ <td>group</td>
+ <td>Defines the security group required for this security constraint.</td>
</tr>
</table>
<br/>